similarly, if I use swauthswauth-add-user [options] <account> <user> <password>

I don't understand the relation beteween the account and user.
It seems to me that we can have multiple users under one account.
So, does every account have its own namespace for username ? I mean can user in different account have the same username?

What's the difference beween users in the same account and users in different account ?
Is there some access rule for that?

"Generally speaking, each user has their own storage account and has full access to that account. Users must authenticate with their credentials as described above, but once authenticated they can create/delete containers and objects within that account. The only way a user can access the content from another account is if they share an API access key or a session token provided by your authentication system."

I get confused, should I give each user a different account or we can let users share one account.
And if users share one account, what's their permission to those containers and objects created by others who are in
the same account with them ?

2.
the confusion about user access permisson in one account lead to my second question
How do I implement acl rules for users

Since the swift cli is build above swift restful api, I think there should be someway I can directly use restful api to set acl rules for both containers and objests, right?
So, I guess I must have missed some documents about this kind of api, please help me find that.

3. about reseller , admin

From both swauth and tempauth, when you create a user, you can make the user a reseller admin or accout admin.
in tempauth: user_<account>_<user> = <key> [group] [group] [...] [storage_url]
group can be .reseller_admin .admin